[SECURITY] [DSA 251-1] New w3m packages fix cookie information leak

2003-02-14 Thread Martin Schulze
Debian Security Advisory DSA 251-1 [EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze February 14th, 2003

IndyNews - PhpNuke module: several problems

2003-02-14 Thread Elisa Manara
IndyNews is a PhpNuke add-on that allows users to include media files (images, documents and so on) to articles. While I was playing with the module, I've found several problems. 1) function delMediaFile() Anybody is able to delete any media attached to already approved articles. 2) function

Re: Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability

2003-02-14 Thread Jørgensen
Not according to my contacts at Ericsson. The vulnerability is limited to one batch of 6000 modems delivered to the Italian market, which is bad enough! The entire 220 series was discontinued in 2001. It may be that 220 series was discontinued in 2001,

Re: Solaris Signals

2003-02-14 Thread ari
Actually, many systems (current versions of solaris included) disallow user ptrace(2) and restrict /proc access for processes whose binaries are not readable. If you compile the binary statically (due to its sensitive nature), you needn't worry about trickery with dynamic library instructions.

HPUX disable buffer overflow vulnerability

2003-02-14 Thread HP S/W Security Team
We have contacted Davide Del Vecchio and confirmed that the buffer overflow in disable(1) does not occur with the patches recommended in HPSBUX0208-213, which says in part: - HEWLETT-PACKARD

Re: Solaris Signals

2003-02-14 Thread Casper Dik
Actually, many systems (current versions of solaris included) disallow user ptrace(2) and restrict /proc access for processes whose binaries are not readable. If you compile the binary statically (due to its sensitive nature), you needn't worry about trickery with dynamic library instructions.

@stake Advisory: MacOS X TruBlueEnvironment Privilege Escalation Attack

2003-02-14 Thread @stake Advisories
@stake, Inc. www.atstake.com Security Advisory Advisory Name: TruBlueEnvironment Privilege Escalation Attack Release Date: 02/14/2003 Application: